CVE-2009-0050

Published: 07/01/2009 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Lasso 2.2.1 and previous versions do not properly check the return value from the OpenSSL DSA_verify function, which allows remote malicious users to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
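
The return-value bug class named in the summary, as an added example that is not Lasso's code: OpenSSL's DSA_verify returns 1 for a valid signature, 0 for an invalid one and -1 on error, so a check that rejects only 0 accepts the error case. The names `verify_model`, `accept_flawed`, `accept_hardened` and the sample bytes are hypothetical; `verify_model` models only the return codes and performs no real DSA.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample signatures: DER SEQUENCE of two small INTEGERs. */
static const unsigned char GOOD_SIG[]      = {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07};
static const unsigned char WRONG_SIG[]     = {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x08};
static const unsigned char MALFORMED_SIG[] = {0x30, 0x7f, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07};

/* Hypothetical stand-in that models only DSA_verify()'s return convention:
 * 1 = valid, 0 = invalid, -1 = error (here: undecodable DER). No real DSA. */
static int verify_model(const unsigned char *sig, size_t len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                       /* malformed encoding */
    if (len == sizeof GOOD_SIG && memcmp(sig, GOOD_SIG, len) == 0)
        return 1;                        /* well-formed and correct */
    return 0;                            /* well-formed but incorrect */
}

/* Flawed check: only 0 counts as failure, so the -1 error is accepted. */
int accept_flawed(const unsigned char *sig, size_t len)
{
    if (!verify_model(sig, len))
        return 0;
    return 1;
}

/* Hardened check: accept only the exact success value. */
int accept_hardened(const unsigned char *sig, size_t len)
{
    return verify_model(sig, len) == 1;
}

int main(void)
{
    printf("good:      flawed=%d hardened=%d\n",
           accept_flawed(GOOD_SIG, sizeof GOOD_SIG),
           accept_hardened(GOOD_SIG, sizeof GOOD_SIG));
    printf("wrong:     flawed=%d hardened=%d\n",
           accept_flawed(WRONG_SIG, sizeof WRONG_SIG),
           accept_hardened(WRONG_SIG, sizeof WRONG_SIG));
    printf("malformed: flawed=%d hardened=%d\n",
           accept_flawed(MALFORMED_SIG, sizeof MALFORMED_SIG),
           accept_hardened(MALFORMED_SIG, sizeof MALFORMED_SIG));
    return 0;
}
```

When auditing callers of tri-state verification functions, treat any comparison other than `== 1` (or `> 0`) as a finding.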

Vulnerable Product

entrouvert lasso

entrouvert lasso 2.0.0-1

entrouvert lasso 1.9.9.0

Vendor Advisories

Debian Bug report logs - #511262
CVE-2009-0050: Insufficient certificate validation
Package: lasso; Maintainer for lasso is Frederic Peters <fpeters@debian.org>
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 8 Jan 2009 21:36:02 UTC
Severity: grave
Tags: security
Fixed in versions lasso/2.2.1-2, lasso/ ...